GHSA-56f9-5563-m2h7

Source

https://github.com/advisories/GHSA-56f9-5563-m2h7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-56f9-5563-m2h7/GHSA-56f9-5563-m2h7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-56f9-5563-m2h7

Aliases

CVE-2015-8755

Published

2022-05-17T03:59:51Z

Modified

2024-02-20T05:21:38.031085Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Typo3 XSS Vulnerability

Details

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2016-01-08T19:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2023-08-04T23:08:49Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.2

Fixed

6.2.16

Affected versions

6.*

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

6.2.10-rc1

6.2.10

6.2.11

6.2.12

6.2.13

6.2.14

6.2.15

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-56f9-5563-m2h7/GHSA-56f9-5563-m2h7.json"

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0

Fixed

7.6.1

Affected versions

7.*

7.0.0

7.0.1

7.0.2

7.1.0

7.2.0

7.3.0

7.3.1

7.4.0

7.5.0

7.6.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-56f9-5563-m2h7/GHSA-56f9-5563-m2h7.json"